2

I am porting a web application to userfrosting I need to post a JSON data object. I am struggling with the csrf token.

The following code works fine with CSRF in userfrosting

    var postdata = {
      field1: 1,
      filed2: "data",
      csrf_token: $("meta[name=csrf_token]").attr("content")
    };

    $.ajax( { type: "POST", url: url, data: postdata, dataType: "json",
      success: ...,
      error: ...
    });

However, I need to post data as JSON and would like to use the following

    var postdata = {
      field1: 1,
      filed2: "data",
    };

    $.ajax( { type: "POST", url: url,
              data: JSON.stringify( postdata ), dataType: "json",
              contentType: "application/json; charset=utf-8",
      success: ...,
      error: ...
    });

How would I go about to add the csrf_token to get this working in userfrosting?

alexw
  • 8,468
  • 6
  • 54
  • 86
Pandos
  • 21
  • 2
  • Does it not work when you include it in your `postdata` object, as you do in the first working example? – alexw Jun 13 '16 at 04:14
  • Thanks. Yes, I did try to add the token in my JSON data without success. It seems like userfrosting framework will not get the token from JSON post. This could be a limitation in userfrosting. If I do not find an alternative solution I will have to update my slim-hooks and parse the posts differently. I was hoping that I would not need to. Of course there is always an alternative (bad) option to remove the CSRF check. – Pandos Jun 13 '16 at 17:25
  • Can you use your browser's console tools to inspect the request, and show us the data that is actually being submitted in the `POST`? – alexw Jun 13 '16 at 20:45

0 Answers0